Zoom X4 and X5 modems suffer from authentication bypass and remote SQL injection vulnerabilities.
e6d22d7021bfb287cc6ae6f292362183cb62e754091ade52c2acd1b0086f7d72
This bulletin summary lists 7 released Microsoft security bulletins for July, 2013.
180019270f7e502d4291099c0b53cd007c7aa0e3cd85bffc2410d975895a3acd
Whitepaper called the Poor Man's Security Lab. It provides walkthroughs for setting up various virtualized hosts.
a46c8da5a0bbcc6e045f7533314b35492b482573a49ea4b0bc0f4954b92642f1
Linux kernel versions up to 3.10 suffer from a libceph null pointer dereference vulnerability.
97fc632dd5328279c3f77035f5bedff6103ed9285f01dcac6d213e5c55b9bd44
Ubuntu Security Notice 1902-1 - William (B.J.) Snow Orvis discovered that Ruby incorrectly verified the hostname in SSL certificates. An attacker could trick Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
17b6e172f6f500eb09224783bba48cd4ec53f79cee3f1b516d382ce45ce0368c
IOActive Security Advisory - DASDEC-I and DASDEC-II from Digital Alert Systems (DAS), which are used in the Emergency Alert System, have an embedded root ssh key that enables an attacker to transmit false emergency information over a large geographic area.
b32108bd2c0d9441bb1f18cfa9a0bc8a321063c45c679b287a55fffbc1d67034
Apache CXF versions prior to 2.5.10, 2.6.7, and 2.7.4 suffer from a denial of service vulnerability.
bd800eccaafd0f41d9a2aa6be1e7ad144231f64eaa6af3b4f06fce8a84901843
Technical Cyber Security Alert 2013-190A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
597aa48cf8f13d8e76203ceb06c30e1a55cac7e00bffd1c1461cda21c9c6e258
Red Hat Security Advisory 2013-1028-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 roll up patch 1 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.
dbfdd55df544378dcc45bbf34e83daecacebea4051e3922e1233975573bd1954
Digital Whisper Electronic Magazine issue 43. Written in Hebrew.
92c4e2b59d270500c8f8a66357e2d864f89bc5ed73512733e091f655fc582cb1
Red Hat Security Advisory 2013-1026-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.
b2762b397b08d9221223dfd977b06176c19c33b3c398947bbd9f500e79632400
Joomla Attachments component suffers from a remote shell upload vulnerability.
1118e6723abe23812d4c09d598a6d831cec1b36454e39e2b9c1ca53527c34578
This Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2013. The vulnerability exists in the module ermapper_u.dll, where the function rf_report_error handles user-provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2013 (version 13.0.0.1151) on Windows XP SP3 and Windows 7 SP1.
34af08f8dddf30575d54f3ae715a7d1578f9f140985dc2fe0ec36bc406b9b344
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
aac15aaf0d03d26bf50d2e8bdac74ca9d7211dd4cf20047e529390d3ebdd7df1
Ubuntu Security Notice 1901-1 - Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.
129bfa80ff19162520bf13eed9fe89bfddd3574089068101f024e5bd08c06df6
Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.
1d43aaccbe3da7de634097317cf9714ebe9b35ed10bc08f213f6214f84e9bdeb